If you're really concerned about this - you should use some log monitoring software (Splunk, Tripwire Log Center, etc.) to look for the cues in audit.log that indicate an admin has accessed another account. Monitoring that it happened (and dealing with that as per your internal policies) is a better route to go through than blocking the functionality.